Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,324
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Mattermost allows other users to determine when users had read channels via channel member objects Low
CVE-2025-55074 was published for github.com/mattermost/mattermost-server (Go) Nov 18, 2025
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes Moderate
CVE-2025-64436 was published for kubevirt.io/kubevirt (Go) Nov 6, 2025
mihailkirov Faeris95
xpivarc
Credited to mihailkirov, Faeris95, and xpivarc
Dragonfly's directories created via os.MkdirAll are not checked for permissions Low
CVE-2025-59349 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd Moderate
CVE-2025-7195 was published for github.com/operator-framework/operator-sdk (Go) Aug 7, 2025
melange's world-writable permissions expose SBOM files to potential image tampering Moderate
CVE-2025-54059 was published for chainguard.dev/melange (Go) Jul 18, 2025
markusboehme egibs
codyharris-h2o-ai stevebeattie eslerm
Credited to markusboehme, egibs, codyharris-h2o-ai, stevebeattie, and eslerm
apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files High
CVE-2025-53945 was published for chainguard.dev/apko (Go) Jul 18, 2025
vishal-chdhry codyharris-h2o-ai
eslerm
Credited to vishal-chdhry, codyharris-h2o-ai, and eslerm
filebrowser Sets Insecure File Permissions Moderate
CVE-2025-52900 was published for github.com/filebrowser/filebrowser (Go) Jun 27, 2025
mtausig hacdias
Credited to mtausig and hacdias
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact Moderate
CVE-2025-6264 was published for www.velocidex.com/golang/velociraptor (Go) Jun 20, 2025
PipeCD Vulnerable to Privilege Escalation High
CVE-2024-53351 was published for github.com/pipe-cd/pipecd (Go) Mar 21, 2025
MaysWind ezBookkeeping has Improper Privilege Management Critical
CVE-2024-57604 was published for github.com/mayswind/ezbookkeeping (Go) Feb 13, 2025
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) High
CVE-2024-54131 was published for github.com/kolide/launcher (Go) Dec 3, 2024
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present Moderate
CVE-2024-47825 was published for github.com/cilium/cilium (Go) Oct 21, 2024
christarazi
Credited to christarazi
Kubean vulnerable to cluster-level privilege escalation High
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman
Credited to younaman
Kubernetes sets incorrect permissions on Windows containers logs High
CVE-2024-5321 was published for k8s.io/kubernetes (Go) Jul 18, 2024
nfpm has incorrect default permissions High
CVE-2023-32698 was published for github.com/goreleaser/nfpm (Go) May 24, 2023
oCHRISo caarlos0
djgilcrease
Credited to oCHRISo, caarlos0, and djgilcrease
Rancher Webhook is misconfigured during upgrade process Critical
CVE-2023-22651 was published for github.com/rancher/rancher (Go) Apr 24, 2023
pjbgf
Credited to pjbgf
cilium-agent container can access the host via `hostPath` mount Moderate
CVE-2023-27593 was published for github.com/cilium/cilium (Go) Mar 17, 2023
tasoskoutlis-f3 daniel-f3
mag-ocz
Credited to tasoskoutlis-f3, daniel-f3, and mag-ocz
Incorrect Default Permissions in Beego Moderate
CVE-2019-16355 was published for github.com/astaxie/beego (Go) May 24, 2022
Access to Unix domain socket can lead to privileges escalation in Cilium High
CVE-2022-29178 was published for github.com/cilium/cilium (Go) May 24, 2022
daniel-f3 danmx
Credited to daniel-f3 and danmx
Default inheritable capabilities for linux container should be empty Moderate
CVE-2022-29162 was published for github.com/opencontainers/runc (Go) May 24, 2022
AndrewGMorgan
Credited to AndrewGMorgan
Singularity insecure permissions High
CVE-2019-19724 was published for github.com/sylabs/singularity (Go) May 24, 2022
Incorrect Default Permissions in CRI-O Moderate
CVE-2022-27652 was published for github.com/cri-o/cri-o (Go) Apr 22, 2022
AndrewGMorgan
Credited to AndrewGMorgan
Podman's default inheritable capabilities for linux container not empty High
CVE-2022-27649 was published for github.com/containers/podman/v4 (Go) Apr 1, 2022
AndrewGMorgan
Credited to AndrewGMorgan
Non-empty default inheritable capabilities for linux container in Buildah Moderate
CVE-2022-27651 was published for github.com/containers/buildah (Go) Apr 1, 2022
AndrewGMorgan
Credited to AndrewGMorgan
User login denial of service in github.com/google/fscrypt Moderate
CVE-2022-25327 was published for github.com/google/fscrypt (Go) Feb 26, 2022
tdunlap607
Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database